We develop a hierarchical immunological model to detect bot activities in a computer network. In the proposed model,
antibody (detector)-antigen (foreign object) reactions are defined using a negative-selection-based approach, and negative
system properties are defined by various temporal as well as non-temporal system features. The theory of sequential
hypothesis testing has been used in the literature for identifying spatial-temporal correlations among malicious remote
hosts and among the bots within a botnet. We also use it for combining multiple immunocomputing-based decisions.
A negative-selection-based approach defines a self and helps identify non-selves. We define non-selves with respect to
various system characteristics and then use different combinations of non-selves to design bot detectors. Each detector
operates at the client sites of the network under surveillance. A match with any of the detectors suggests the presence of a
bot. Preliminary results suggest that solutions based on the proposed model can improve the identification of bot activities.
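
The pipeline described above (self region, non-self features, combination detectors, sequential test over detector decisions) can be sketched as follows. This is an added illustration, not the authors' code: the three traffic features, the self margin, the two-feature detector size, and the SPRT probabilities and error rates are all assumptions chosen for the example.

```python
import math
from itertools import combinations

# Constructed "self" samples: (DNS queries/min, outbound conns/min, mean payload bytes).
# The features and every number here are illustrative assumptions, not from the paper.
SELF = [(4, 10, 520), (6, 12, 480), (5, 9, 610), (7, 14, 550), (3, 11, 500)]

def learn_self(samples, margin=0.25):
    """Self region per feature: observed [min, max] widened by a margin."""
    bounds = []
    for col in zip(*samples):
        lo, hi = min(col), max(col)
        pad = margin * (hi - lo)
        bounds.append((lo - pad, hi + pad))
    return bounds

def non_self(obs, bounds):
    """Indices of features whose value falls outside the self region."""
    return {i for i, (v, (lo, hi)) in enumerate(zip(obs, bounds)) if not lo <= v <= hi}

def make_detectors(n_features, size=2):
    """Each detector is a combination of features that must all be non-self."""
    return [frozenset(c) for c in combinations(range(n_features), size)]

def matches(obs, bounds, detectors):
    """True if any detector's feature set is entirely non-self for this window."""
    ns = non_self(obs, bounds)
    return any(d <= ns for d in detectors)

def sprt(alarms, p_bot=0.8, p_benign=0.1, alpha=0.01, beta=0.01):
    """Wald's SPRT over binary detector outcomes; returns (verdict, windows used)."""
    upper = math.log((1 - beta) / alpha)
    lower = math.log(beta / (1 - alpha))
    llr = 0.0
    for n, alarm in enumerate(alarms, 1):
        llr += math.log(p_bot / p_benign) if alarm else math.log((1 - p_bot) / (1 - p_benign))
        if llr >= upper:
            return "bot", n
        if llr <= lower:
            return "benign", n
    return "undecided", len(alarms)

def classify(windows):
    """Run every observation window of one client through the detectors, then the SPRT."""
    bounds = learn_self(SELF)
    detectors = make_detectors(len(bounds))
    return sprt([matches(w, bounds, detectors) for w in windows])
```

A single deviating feature does not fire a two-feature detector, and one detector match alone does not cross the SPRT threshold, so the verdict depends on repeated evidence across windows.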